Welcome - Sharing information with the community related to Microsoft SharePoint security, information protection and permissions. Topics will also cover identity federation, claims and software development. Articles will at times be technical and focussed at developers/architects. They will also be higher level and discuss concepts and customer use cases. Have a look around, share your thoughts and I do hope you find some helpful content.

Follow me on Twitter @AntonioMaio2

Thursday, September 10, 2015

Office 365 Alternatives to SharePoint Mail Enabled Libraries

I get this question a lot from clients: how can I use mail enabled libraries in Office 365? As you know, mail enabled libraries are not supported in Office 365. Microsoft’s reasoning behind it is the following:

Mail-enabled lists create contact objects in AD. Since SharePoint Online is a multi-tenant environment, this functionality would cause a large increase in traffic, which in turn would cause performance issues for all customers. This functionality is currently disabled due to the performance concerns, as well as security, data requirement, legal compliance and scalability concerns.

Never say never, however due to the nature of mail enabled libraries, as described in this Microsoft message, I suspect that they are not scheduled to be supported in Office 365 for a very long time. As such, I have been looking at alternatives and the following are 2 alternatives that I would recommend are worth considering.

Site Mailboxes
A site mailbox is a central email account that is accessed from a SharePoint site. A team may choose to use a site mailbox to gather relevant team email conversations or collaborate on composing an important email message. A team may also find it helpful to share important documents securely by using a site mailbox. Once a site mailbox is set up for a site, a new email account is created that uses the name of the site. For example, if you have a team site that uses the URL http://contoso.sharepoint.com/HRSite. The email address for that site mailbox will be HRSite@contoso.sharepoint.com. You can of course email or CC that address in order to have emailed stored within the Site Mailbox, as you could with mail enabled libraries. Everyone who has Contribute permissions to your site will be able to open the site mailbox and view those messages. Then, for example, a few months from now when another team member is trying to recall what information went into a particular decision, that team member can open the site mailbox, search through the mail captured in that account, and see the history of the issue.

When storing a team’s documents on a SharePoint site, you can leverage the Site Mailbox app to share those documents with those who have site access. You can view a site mailbox in Outlook, and when doing so users will see a list of all the documents in that site’s document libraries. Site mailboxes will display the same list of documents to all users, so some users may see documents they do not have access to open. If you’re using Exchange, your documents can also appear in an Outlook folder, which makes it easy to forward documents to others.

All this said, there have been some issues found with site mailboxes (see here for more info) so Microsoft has introduced an alternative to site mailboxes in the last year called Office 365 Groups which I'll talk about further down.

From a licensing perspective, your Office 365 plan must include SharePoint Online and Exchange Online. Site mailboxes require that users have both SharePoint and Exchange licenses. The site mailboxe feature is available across all Office 365 licenses.

If emails within a site mailbox must be secured, it’s important to note that Azure Rights Management (RMS) is not included but it can be purchased as a separate add-on in order to enable the supported IRM features within Site Mailboxes. Office 365 Message Encryption depends on Azure RMS.

Office 365 Groups
An Office 365 Group is a relatively new capability of Office 365 introduced over the last year. It is a shared workspace for email, conversations, files, and calendar events where group members can quickly collaborate. Microsoft has placed a lot of focus on making collaboration in Groups very quick and easy.

Users can subscribe to a group to receive group email, conversations and events in your email inbox, either in Outlook or in Outlook Web Access. Subscribing is not enabled by default. It can be enabled when creating a group, or on an already existing group when adding a new member. As well, each member of a group can subscribe or unsubscribe from a group depending on their needs.

A group contains a shared calendar, allowing group members to manage events and schedules for group members. This is an Outlook/Exchange calendar; it’s not a SharePoint calendar. Groups has built in some really good integration between the Group calendar and your personal Outlook calendar, so that you can easily add events that are on the group calendar to your personal calendar.

A group includes a shared OneNote notebook.

A group contains a OneDrive for Business page which allows users to easily store and access documents in 1 central location that are relevant to group members.

A group also integrates a Yammer conversation feed for the group members.

A group can be public or private. Public groups are open to everyone. If you just want to see what the group is doing, all the content and conversations of a public group are viewable. If you wish to collaborate with a public group, you can join it and become a member. A private group is exclusive and open to its members only. The content and conversations are secure and not viewable by everyone. Teams choose a private group when concerned about security and privacy, such as confidential documents. Everyone can see the name of a private group, but information within the group is security-trimmed so it is not accessible from search, links, or in other ways if you are not a member of the group. Joining a private group requires approval from a group administrator.

Through the OneDrive for Business capabilities, you can share a file or folder with people outside your group and even outside your organization, like customers, partners, or clients. One goal of Office 365 Groups is to strike a balance between collaboration and making sure files are not shared inappropriately. Administrators can require that access requests are sent before granting permissions, which helps to control the sharing within an organization, and enable/disable external sharing.

The following videos provide a great introduction and deep dive to Office 365 Groups:

From a licensing perspective, at time of launch Office 365 Groups were rolled out to all customers that have an Exchange Online or Office 365 commercial subscription. Eligible Office 365 plans include the Office 365 Enterprise E1–E4 subscription plans (including the corresponding A2–A4 and G1–G4 plans for Academic and Government customers, respectively), Office 365 Business Essentials and Business Premium plans, Office 365 Small Business, Small Business Premium and Midsize Business plans and Office 365 Kiosk plan.

No comments:

Post a Comment

About Me

Antonio Maio is an information security architect with over 25 years of experience in cyber security practices and systems, product management, software development and leadership. Antonio is currently a Senior Manager and Senior SharePoint Architect with Protiviti. He has been awarded a Microsoft Most Valuable Professional award for 5 consecutive years, from 2012 to 2016, specializing in Microsoft SharePoint Server, Office 365 and Office Services. His background includes implementing cryptography and PKI systems, information security technologies, and both information governance and cybersecurity best practices. His experience with Microsoft SharePoint and Office 365 extends over the last 10 years. When he’s not helping enterprise, military or government organizations solve security challenges, you can catch him speaking at conferences or contributing to the community through this blog. In his spare time, Antonio likes to oil paint, run, make wine, read and spend time with his family.